Excuse me,
1 if use JWT, login to generate good token can need not add redis, directly in the interceptor validated test request header token can also?
2 when expired after refresh token, how to get the front, a little dizzy,
Hope you reply, thank you
CodePudding user response:
1 to see what was on your token information, if the authentication token information enough, can not put redis
2
The background to authentication token
Front end sends a request with the token, backend authentication token expired, redirect to illegal page, guide the user to log in or to access token (such as dynamic password)
CodePudding user response:
You say the refresh token is automatically renew that still need to log back in that
CodePudding user response:
Is automatic renewal of that kind of, don't know how to access token again, front end such as the back-end to renew token and then put it in the response headers, front end how once again?
CodePudding user response:
refer to the second floor sunglow radiance response: you said the refresh token is automatically a renewal that still need to log back in the sort of? Is automatic renewal of that kind of, don't know how to access token again, front end such as the back-end to renew token and then put it in the response headers, front end how once again? CodePudding user response:
You how the front end of the call back? The front-end (request) - & gt; The background (token fails, the refresh token) return (response) - & gt; The front (to get the response, save token) CodePudding user response:
reference 1st floor qybao response: 1 do you have any information of the token, if the authentication token information enough, can not put redis 2 The background to authentication token Front end sends a request with the token, backend authentication token expired, redirect to illegal page, and guide users to log in or to access token (such as dynamic password) Oh, oh, thank you, how do you know redis key, the interceptor is login token generated when good, at the same time, put the token to the response headers and redis, then the interceptor token was obtained from the request header value, use this value as the key to check redis? CodePudding user response:
Excuse me, such as token expired, the interceptor by JWT couldn't take the expiration time compare, can't refresh, as soon as I get an error, I don't know what to do? Is generated when the token at the same time to be alone to save the time to redis in, and then when the refresh, again through the interceptor from redis take time out and the current time than see if need to refresh? CodePudding user response:
What information do you have in your JWT? Don't expire? CodePudding user response:
Have expiration time, but when the token is out of date, no matter the user information and expiration time couldn't take it, take a direct throw exceptions, so I want to generate token, time alone in redis it at the same time CodePudding user response:
Token contains expiration time you wouldn't have to save the token in the service side If you want to renew, direct throw not to go in the cookies? CodePudding user response:
Oh, oh, I always put cookies don't feel safe, so thinking about put redis CodePudding user response:
Capture expire abnormalities, oneself use base64 decoding token out relevant information, the best information have a refresh period, determine whether the refresh period, is the refresh token, business processing after the end of the token returned to the client together; Not refresh period tends to guide to the login page, CodePudding user response:
The front-end (request) - & gt; The background (token fails, the refresh token) return (response) - & gt; The front (to get the response, save token) Wouldn't it be send a request every time want to determine if expired, or front there is also an interceptor, judging to intercept, CodePudding user response:
reference 5 floor qybao reply: you how the front end of the call back? The front-end (request) - & gt; The background (token fails, the refresh token) return (response) - & gt; The front (to get the response, save token) Wouldn't it be send a request every time want to determine if expired, or front there is also an interceptor, judging to intercept, CodePudding user response:
Can I go to my home page to see the release of the token of JWT